Ransomware attacks and cyber business interruptions in 2017 were worse than ever, with claims for losses surpassing the previous four years combined, research by insurance group AIG has found.

According to its report, over a quarter of cyber claims (26 percent) received in 2017 had ransomware as the primary cause of loss - a significant leap from 16 percent of claims in the years 2013-2016.

“The combination of leaked National Security Agency (NSA) tools plus state-sponsored capabilities triggered a systemic event,” said Mark Camillo, head of cyber for EMEA at AIG. “The Wannacry outbreak, which hit hundreds of thousands of machines around the world, could have been worse in terms of scale and insured losses if a UK researcher hadn’t quickly found and activated the kill switch.”

Data breaches by hackers, other security failures including unauthorized access and impersonation fraud were among the other main breach types, according to the report. AIG explained that human error continues to be a significant factor in the majority of cyber claims despite the fact that the proportion of claims caused by employee negligence reduced marginally to seven percent last year.

Claims frequency has also increased yet again in the last year. In 2017 AIG’s specialist cyber claims staff were handling the equivalent of one claim per working day. The growth in claims frequency reflects a broader trend of cyber loss escalation.

The report outlined that as cyber insurance becomes a more common purchase for many organizations, buyers are also becoming more familiar with the product. “They understand more fully the scope of their cover and what incidents can and should be notified to their insurance carrier.”

While financial services continues to be a major contributor of claims, the sector made up a lower percentage in 2017 (down to 18 percent compared to 23 percent in the years 2013-2016).

“There’s still an attitude that company leaders think, ‘it won’t happen to me’ or ‘I don’t have any interesting data so why would I be a target?’ But even if a business doesn’t hold interesting data it can still fall victim to ransomware extortion, and if files are encrypted the business cannot function,” said Kathy Avery, financial lines major loss adjuster for AIG.

The notorious WannaCry ransom attack which occurred in May 2017, targeted computers around the world that used the Windows operating system. During the attack, personal data was stolen from private users and ransom payment was requested in the form of bitcoin. It impacted companies in numerous sectors, including healthcare, financial services, logistics, education and manufacturing.

While ransom payments only generated less than $150,000, total economic losses associated with WannaCry are estimated at $8 billion, with half a billion dollars attributed to direct costs and indirect business disruption.

“There were a couple of instances last year where companies were really on their knees because they did not have good back-ups,” said Jose Martinez, vice president of financial lines major loss claims at AIG.